<?php

function getChangePassForm($error = null)
{
	if(isset($error))
	{
		$error = '- '.$error;
	}
	
   echo '<FORM METHOD="POST" ACTION="?page=changepw&action=change">';
   echo '<table class="changepass">';
   echo '<tr>
          <td>Old Password</td>
          <td><input type="password" name="old_password" class="sexy"> </td>
         </tr>
         <tr>
          <td>New Password</td>
          <td><input type="password" name="password" class="sexy"></td>
         </tr>
         <tr>
          <td>Repeat New Password</td>
          <td><input type="password" name="password2" class="sexy"></td>
         </tr>
         <tr>
         	<td colspan="2"><font color="red">'.$error.' </font></td>
         </tr>
         </table>
         <p><input type="submit" value="Change" class="bsexy"></p>
         </form>';
 	
}


function ChangePassword($password, $password2, $old_password)
{
	if($password != $password2)
	{
		$error = 'New password\'s don\'t match.';
	} 
	
	$old_password = encrypt($old_password);
	
	$aid = $_SESSION['uid'];
	$q = mysql_query("SELECT * FROM account WHERE id='$aid' AND password='$old_password'");
	if(mysql_num_rows($q) == 0)
	{
		$error = 'Old password is not correct.';
	}
	
	if(strlen($password) < 6 || strlen($password2) < 6)
	{
		$error = 'Password must contain atleast 6 characters.';
	}
	
	if(empty($password) || empty($password2) || empty($old_password))
	{
		$error = 'Please fill in all the fields.';
	}
	
	if(!empty($error))
	{
		getChangePassForm($error);
	}
	else
	{
		$password = encrypt($password);
		if(mysql_query("UPDATE account SET password='$password' WHERE id='$aid'"))
		{
			echo '<font color="green">- Password has succesfully been changed.</font>';
		}
		else
		{
			$error = 'An error has occured, please contact the site administrator.';
			getChangePassForm($error); 
		}

		
	}
	
	
	
}


function getChangepass()
{
	
	
    if(isset($_GET['action']) && $_GET['action'] == 'change')
	{
		ChangePassword($_POST['password'], $_POST['password2'], $_POST['old_password']);
	}
	else
	{
		getChangePassForm();
	}
	
		

}



?>